tfdocs.md

Module documentation

Required Inputs

The following input variables are required:

acr_login_server

Description: The login server for the Azure Container Registry.

Type: string

ai_connstring

Description: The App Insights connection string.

Type: string

app_service_logs_disk_quota_mb

Description: The amount of disk space to use for app service logs.

Type: number

app_service_logs_retention_period_days

Description: The retention period for logs in days.

Type: number

asp_id

Description: The ID of the AppServicePlan.

Type: string

function_app_name

Description: Name of the Function App

Type: string

image_name

Description: Name of the docker image

Type: any

image_tag

Description: Tag of the docker image

Type: any

location

Description: The location/region where the Function App is created.

Type: string

log_analytics_workspace_id

Description: id of the log analytics workspace to send resource logging to via diagnostic settings

Type: string

monitor_diagnostic_setting_function_app_enabled_logs

Description: Controls what logs will be enabled for the function app

Type: list(string)

monitor_diagnostic_setting_function_app_metrics

Description: Controls what metrics will be enabled for the function app

Type: list(string)

private_endpoint_properties

Description: Consolidated properties for the Function App Private Endpoint.

Type:

object({
    private_dns_zone_ids                 = optional(list(string), [])
    private_endpoint_enabled             = optional(bool, false)
    private_endpoint_subnet_id           = optional(string, "")
    private_endpoint_resource_group_name = optional(string, "")
    private_service_connection_is_manual = optional(bool, false)
  })

resource_group_name

Description: The name of the resource group in which to create the Function App. Changing this forces a new resource to be created.

Type: string

storage_account_name

Description: The name of the Storage Account.

Type: string

worker_32bit

Description: Should the Windows Function App use a 32-bit worker process. Defaults to true

Type: bool

Optional Inputs

The following input variables are optional (have default values):

acr_mi_client_id

Description: The Managed Identity Id for the Azure Container Registry.

Type: any

Default: null

action_group_id

Description: The ID of the Action Group to use for alerts.

Type: string

Default: null

alert_4xx_threshold

Description: The threshold for 4xx errors to trigger the alert.

Type: number

Default: 10

alert_5xx_threshold

Description: The threshold for 4xx errors to trigger the alert.

Type: number

Default: 10

alert_auto_mitigate

Description: Enable or disable automatic mitigation of the alert when the issue is resolved.

Type: bool

Default: true

alert_window_size

Description: The period of time that is used to monitor alert activity e.g. PT1M, PT5M, PT15M, PT30M, PT1H, PT6H, PT12H. The interval between checks is adjusted accordingly.

Type: string

Default: "PT5M"

always_on

Description: Should the Function App be always on. Override standard default.

Type: bool

Default: true

app_settings

Description: Map of values for the app settings

Type: map

Default: {}

assigned_identity_ids

Description: The list of User Assigned Identity IDs to assign to the Function App.

Type: list(string)

Default: []

cont_registry_use_mi

Description: Should connections for Azure Container Registry use Managed Identity.

Type: bool

Default: false

cors_allowed_origins

Description: n/a

Type: list(string)

Default:

[
  ""
]

enable_alerting

Description: Whether monitoring and alerting is enabled for the App Service Plan.

Type: bool

Default: false

entra_id_group_ids

Description: n/a

Type: list(string)

Default: []

ftp_publish_basic_authentication_enabled

Description: Enable basic authentication for FTP. Defaults to false.

Type: bool

Default: false

ftps_state

Description: Enable FTPS enforcement for enhanced security. Allowed values = AllAllowed (i.e. FTP & FTPS), FtpsOnly and Disabled (i.e. no FTP/FTPS access). Defaults to AllAllowed.

Type: string

Default: "Disabled"

function_app_slots

Description: function app slots

Type:

list(object({
    function_app_slots_name   = optional(string, "staging")
    function_app_slot_enabled = optional(bool, false)
  }))

Default: []

health_check_eviction_time_in_min

Description: The time in minutes a node can be unhealthy before being removed from the load balancer.

Type: number

Default: null

health_check_path

Description: The path to be checked for this function app health.

Type: string

Default: null

http2_enabled

Description: Specifies whether or not the HTTP2 protocol should be enabled. Defaults to false

Type: bool

Default: false

http_version

Description: The HTTP version to use for the function app. Override standard default.

Type: string

Default: "2.0"

https_only

Description: Can the Function App only be accessed via HTTPS? Override standard default.

Type: bool

Default: true

ip_restriction_default_action

Description: Default action for FW rules

Type: string

Default: "Deny"

ip_restrictions

Description: n/a

Type:

map(object({
    headers = optional(list(object({
      x_azure_fdid      = optional(list(string))
      x_fd_health_probe = optional(list(string))
      x_forwarded_for   = optional(list(string))
      x_forwarded_host  = optional(list(string))
    })), [])
    ip_address                = optional(string)
    name                      = optional(string)
    priority                  = optional(number)
    action                    = optional(string, "Deny")
    service_tag               = optional(string)
    virtual_network_subnet_id = optional(string)
  }))

Default: {}

minimum_tls_version

Description: n/a

Type: string

Default: "1.2"

public_network_access_enabled

Description: Should the Function App be accessible from the public network. Override standard default.

Type: bool

Default: false

rbac_role_assignments

Description: Map of RBAC role assignments by region

Type:

list(object({
    role_definition_name = string
    scope                = string
  }))

Default: []

resource_group_name_monitoring

Description: The name of the resource group in which to create the Monitoring resources for the App Service Plan. Changing this forces a new resource to be created.

Type: string

Default: null

severity

Description: Severity of the alert. 0 = Critical, 1 = Error, 2 = Warning, 3 = Informational, 4 = Verbose. Default is 3.

Type: number

Default: 3

storage_account_access_key

Description: The Storage Account Primary Access Key.

Type: string

Default: null

storage_uses_managed_identity

Description: Should the Storage Account use a Managed Identity. Defaults to false.

Type: bool

Default: false

tags

Description: Resource tags to be applied throughout the deployment.

Type: map(string)

Default: {}

vnet_integration_subnet_id

Description: The ID of the subnet to integrate the Function App with.

Type: string

Default: null

webdeploy_publish_basic_authentication_enabled

Description: Enable basic authentication for WebDeploy. Override standard default.

Type: bool

Default: false

Modules

The following Modules are called:

diagnostic-settings

Source: ../diagnostic-settings

Version:

function_app_slots

Source: ../function-app-slots

Version:

private_endpoint

Source: ../private-endpoint

Version:

rbac_assignments

Source: ../rbac-assignment

Version:

Outputs

The following outputs are exported:

function_app_endpoint_name

Description: The function app endpoint name.

function_app_sami_id

Description: The Principal ID of the System Assigned Managed Service Identity that is configured on this Linux Function App.

id

Description: The id of the Linux Function App.

name

Description: The name of the Linux Function App.

Resources

The following resources are used by this module:

• azuread_group_member.function_app (resource)
• azurerm_linux_function_app.function_app (resource)
• azurerm_monitor_metric_alert.function_4xx (resource)
• azurerm_monitor_metric_alert.function_5xx (resource)